CVE-2026-13244

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0.

Credits

Drew Webber (mcdruid)
Benji Fisher (benjifisher)
Daniel Schiavone (schiavone)
Benji Fisher (benjifisher)
Bram Driesen (bramdriesen)
Neil Drumm (drumm)
Drew Webber (mcdruid)
Juraj Nemec (poker10)

References